Bug 5094 auth_by_bind authentication can fail even if given a correct password and userid

When using

<replicate>0</replicate> <!-- add new users from LDAP to Koha database -->
<update>0</update> <!-- update existing users in Koha database -->
<auth_by_bind>1</auth_by_bind> <!-- set to 1 to authenticate by
binding instead of password comparison, e.g., to use Active Directory -->

Auth_with_ldap attempts to look up the userid in the LDAP directory to
fill $userldapentry despite it being unneeded in this case.  The information
retrieved will be thrown away, thus there is no need to retrieve it.
This can cause authentication to fail overall even if the initial bind with the
user's credentials succeeded.

Signed-off-by: Joe Atzberger <ohiocore@gmail.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Jeremy Crabtree 2011-06-17 15:02:50 +12:00 committed by Chris Cormack
parent 8996faae15
commit 7bb178e30b

@ -119,8 +119,14 @@ sub checkpw_ldap {
}
# FIXME dpavlin -- we really need $userldapentry leater on even if using auth_by_bind!
my $search = search_method($db, $userid) or return 0; # warnings are in the sub
$userldapentry = $search->shift_entry;
# BUG #5094
# 2010-08-04 JeremyC
# a $userldapentry is only needed if either updating or replicating are enabled
if($config{update} or $config{replicate}) {
my $search = search_method($db, $userid) or return 0; # warnings are in the sub
$userldapentry = $search->shift_entry;
}
} else {
my $res = ($config{anonymous}) ? $db->bind : $db->bind($ldapname, password=>$ldappassword);
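
Review bot: The FIXME just above the new `if($config{update} or $config{replicate})` block still says `$userldapentry` is needed "leater on even if using auth_by_bind", which contradicts the condition being introduced; either resolve or reword that comment, or confirm that nothing after this branch reads `$userldapentry` when both `update` and `replicate` are 0. Inside the block, `search_method($db, $userid) or return 0` still rejects a login whose bind has already succeeded whenever update or replicate is enabled, so the failure described in the commit message remains for those configurations; if that is intended, say so in the comment, otherwise treat a failed lookup as "skip the sync" rather than "deny the login". The `# BUG #5094` and `# 2010-08-04 JeremyC` lines repeat what the commit history already records and could be reduced to the one-line reason.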